This is how we protect your privacy.

We’re committed to keeping your personal information safe. That’s why we innovate ways to safeguard your privacy on your device, why we’re up front about how we personalize your experience, and why we equip developers with the best tools to protect your data.

We build safeguards into our products to protect your privacy.

Your personal data should always be protected on your device and never shared without your permission. So we build encryption, on-device intelligence, and other tools into our products to let you share what you want on your terms. We also use techniques like Differential Privacy to improve user experiences while protecting the information you share with Apple. Differential Privacy adds random information to your data before it’s analyzed by Apple, so we can’t link that data to your device. Instead, patterns appear only when the data is combined with the data from many other users, because the random additions average out. These patterns help Apple gain insight into how people are using their devices without collecting information about an individual.

Encryption

Encryption protects trillions of online transactions every day. When you’re shopping, paying a bill, or using iMessage or FaceTime, you’re using encryption. It turns your data into indecipherable text that can be read only by those with the right key. We were one of the first companies to automatically include native operating system–supported disk encryption with FileVault in macOS and data protection in iOS. We also refuse to add a backdoor into any of our products.

Apple Pay

When you add a credit, debit, or prepaid card to Apple Pay, we securely send your card information, along with other information about your account and device, to your card issuer. Using this information, the card issuer will determine whether to approve adding your card to Apple Pay.

Your actual card numbers are never stored on the device or on Apple servers. Instead, a unique Device Account Number is created and encrypted in a way that we can’t decrypt and is stored in the Secure Element of your device. The Device Account Number in the Secure Element is walled off from your operating system and is never stored on Apple Pay servers or backed up to iCloud. Except for transactions where you buy something from Apple using Apple Pay, we don’t track what you’re buying, so we can’t build a purchase history to serve you ads. We may receive anonymous transaction information such as the approximate time, location, and amount. This is used only to help us improve Apple Pay and other Apple products and services.

In stores, payments are processed by using the Device Account Number and a transaction-specific, dynamic security code. So neither Apple nor your device shares actual credit or debit card numbers with merchants. If you use a rewards card, we require any personally identifiable information — like your email address or phone number — to be encrypted when it’s sent. No rewards information is ever shared without your permission.

Some apps and websites check if you have enabled Apple Pay for convenience. You can choose to disable this setting for websites in Safari. When you make payments in an app or on a website, we receive your encrypted transaction information and re-encrypt it with a developer-specific key before it’s sent to the developer. With payments made on a MacBook Pro with Touch Bar and Touch ID, the payment is processed in the Secure Element. On other Mac computers, your Mac and any iOS device signed in to the same iCloud account communicate over an encrypted channel either locally or via Apple servers. We require all apps and websites using Apple Pay to have a privacy policy you can view, so you know how your data is being used.

iMessage

We use end-to-end encryption to protect your iMessage conversations across all your devices. With watchOS and iOS, your messages are encrypted on your device so that they can’t be accessed without your passcode. We designed iMessage so that there’s no way for us to decrypt your data when it’s in transit between devices. You can choose to automatically delete your messages from your device after 30 days or a year or to keep them on your device forever.

Third-party apps that use iMessage do not have access to participants’ actual contact information or conversations. iOS provides each app with a random identifier for each participant, which is reset when the app is uninstalled. iMessage and SMS messages are backed up on iCloud for your convenience, but you can turn iCloud Backup off whenever you want.

Health and Fitness

The information you add about yourself in the Health app is yours to use and share. You decide what information is placed in the Health app as well as who can access your data. When your phone is locked with a passcode, Touch ID, or Face ID, all your health and fitness data in the Health app is encrypted. And any Health data backed up to iCloud is encrypted both in transit and on our servers.

We require every single app in the App Store to provide a privacy policy for you to review, including apps that work with HealthKit. Your data in the Health app and your activity data on Apple Watch are encrypted with keys protected by your passcode.

If you decide to stop sharing your activity data with another user, then the other user’s device is instructed to delete any historical activity stored. You also have the ability to hide your activity, for instance, when you’re on vacation.

Analytics

Your iOS device can collect analytics about your iOS device and any paired Apple Watch and send it to Apple for analysis. The collected information does not identify you personally and can be sent to Apple only with your explicit consent. Analytics may include details about hardware and operating system specifications, performance statistics, and data about how you use your devices and applications. When it’s collected, personal data is either not logged at all, removed from reports before they’re sent to Apple, or protected by techniques such as Differential Privacy.

The information we gather from Differential Privacy helps us improve our services without compromising individual privacy. For example, this technology improves QuickType and emoji suggestions, as well as Lookup Hints in Notes.

We now identify commonly used data types in the Health app and web domains in Safari that cause performance issues. This information will allow us to work with developers to improve your experience without revealing anything about your individual behavior.

If you give your explicit consent, Apple can improve Siri and other intelligent features by analyzing how you use iCloud and the data from your account. Analysis happens only after the data has gone through privacy-enhancing techniques so that it cannot be associated with you or your account.

Safari

Safari was the first browser to block third-party cookies by default and offer Private Browsing. We automatically work to prevent suspicious sites from loading. We also use sandboxing to keep harmful code confined to a single browser tab so that it can’t reach the rest of your data.

We have enabled app developers to use Safari content blockers in iOS and make them more effective on macOS. You can control what content is loaded onto your browser and block content from anyone attempting to track your activity on a website or across websites. We also designed Safari content blocker support so that it can’t send information to developers about the sites you visit.

In iOS 11 and macOS High Sierra, we introduced Intelligent Tracking Prevention. You may have noticed that when you look at something to buy online, you suddenly start seeing it everywhere else you go on the web. This happens when a third party tracks cookies and other website data to feed you ads across various websites. Intelligent Tracking Prevention uses the latest in machine learning and on-device intelligence to reduce this cross-site tracking. It works by separating the third-party content used to track you from other browsing data, so what you look at on the web remains your business — not an advertiser’s. And with iOS 12 and macOS Mojave, Intelligent Tracking Prevention works even harder. Now, when third-party tracking sites attempt to create cookies or store data, they can do so only with your explicit consent.

iCloud

All your iCloud content — like photos, contacts, and reminders — is encrypted when it’s transferred and, in most cases, when stored on our servers. We also encrypt the information that is transferred between any email app you use and our iCloud mail servers.

Encrypted iCloud Data

Photos

Documents

Calendars

Contacts

iCloud Keychain

Backup

Bookmarks

Reminders

Find My iPhone

Find My Friends

Mail (encrypted in transit)

Notes

With iCloud sharing, the identities of participants are never made available to anyone who has not been invited to and accepted a private share. The names of your shared files and the first and last name associated with your iCloud account are available to anyone who has access to the sharing link, including Apple.

If we use third-party vendors to store your information, we encrypt it and never give them the keys. Apple retains the encryption keys in our own data centers, so you can back up, sync, and share your iCloud data. iCloud Keychain stores your passwords and credit card information in such a way that Apple cannot read or access them.

In iOS 11 and macOS High Sierra or later, end-to-end encryption in iCloud syncs certain types of personal data, such as your Siri information, across all your devices in such a way that Apple cannot read or access it.

Education Privacy

We created privacy features and services that are designed specifically for education, including Apple School Manager, iTunes U, and Managed Apple IDs. We don’t sell student information and we never share it with third parties to use for marketing or advertising. We don’t collect, use, or disclose student information other than to provide relevant educational services. And we never track students or build profiles based on their email or web browsing. With Managed Apple IDs, the student’s information is under the control of the education institution. And schools can purchase and deliver apps to a student’s iPad without using an iTunes login.

In the Schoolwork app only the student and teachers listed as instructors of a course have access to student progress information, and only if the school has enabled student progress recording in Apple School Manager. Teachers only have access to progress data on activities assigned for the specific class they teach.

Each parent can decide if they want their child to participate, and students have access to their own data on their device. To ensure additional transparency, students will see a notification anytime their progress is being recorded.

To provide the best privacy protections for students and teachers, we have updated all relevant agreements and processes to align with the EU General Data Protection Regulation (GDPR). In addition, Apple has signed the Student Privacy Pledge, further underscoring our commitment to protecting the information students, parents, and teachers share in our schools.

CarPlay

All the rigorous privacy measures built into your iPhone and apps carry over to CarPlay. Only essential information that enhances the CarPlay experience will be used from your car. For example, data such as your car’s GPS location can be used to help iPhone produce more accurate results in Maps.

Get a personalized experience and maintain control of your privacy.

Sometimes we use your data to provide you with a more personalized experience. We’re always up front about what we collect from you, and we give you the controls to adjust these settings.

Photos

The Memories and Sharing Suggestions features in the Photos app use on-device intelligence to scan your photos and organize them by faces and places. This photo data is shared between your devices with iCloud Photos enabled.

In iOS 11 or later, apps can ask for access to a single photo instead of all your photos. In addition, apps that simply need to place a photo in your Photos library can ask only for that access. Apps can still ask for general access to your photos if needed.

Health and Fitness on HealthKit

Improve Activity and Improve Wheelchair Mode send data from iPhone and Apple Watch to Apple so we can increase the effectiveness of health and fitness features. This includes movement measurements, which other fitness apps you have installed, your approximate location, and how long you have been using Apple Watch. The data is not used for any other purpose and does not include personally identifiable information.

Apple Music

To help Apple Music features like Radio, For You, and Connect reflect your musical tastes, we collect some information about your activity in the app. This is detailed during setup in “About Apple Music & Privacy.” The songs you stream aren’t used by any other service to advertise to you. And if you don’t want to keep your music collection on our servers, you can opt out of iCloud Music Library. iOS puts you in control of which apps can access your Music account and associated details.

The Apple Music Friends feature lets you share your favorite music — and decide which friends can see the music in your profile.

Maps

You don’t have to sign in to use Maps. Personalized features are created using the data on your device. The data Maps collects while you use the app is associated with random identifiers so it can’t be tied to your Apple ID. These identifiers reset themselves as you use the app to ensure the best possible experience and to improve Maps.

Maps extensions that are used in ride-booking and reservation apps run in their own sandboxes and share permissions with their own parent apps. For ride-booking apps, Maps shares only your starting point and destination with the extension. And when you reserve a table at a restaurant, the extension knows only the point of interest you tapped on.

Advertising

Ads that are delivered by Apple’s advertising platform may appear in the App Store or News. Ads in the App Store and in News are marked so you can tap to see why you were served a particular ad. You can also go into Settings to view what data may be used to determine which ads we deliver to you.

Ads in the App Store and News do not access user data from other Apple services like Apple Pay, Maps, Siri, iMessage, and iCloud. They also don’t use data from user devices through services and functions such as Health, HomeKit, email, contacts, and call history. In the App Store, your search and download history may be used to serve you relevant search ads.

We give developers powerful tools to protect your data.

Developers can use our Touch ID APIs, 256-bit encryption, and app transport security to build apps that keep your data secure. We also require developers to ask for permission and provide an explanation when requesting access to personal information on your device, like your photos and contacts. All apps are sandboxed to better protect your personal information.

Apps

On the App Store, we require app developers to agree to specific guidelines that are designed to protect user privacy and security. When we become aware of an app that violates our guidelines, the developer must address the issue or the app will be removed from the App Store. Apps go through a review process before becoming available on the App Store to make sure that they function the way they are described by the developer. Once an app is installed on your device, you are prompted for permission the first time it tries to access information such as your location or photos. You always have the power to make changes to the permissions you’ve granted. And iOS 11 gives you the control to provide your location to any app only while you’re using it.

We also make sure that there are certain types of data on your device that apps simply can’t access, and that there is no way for an app to ask for complete access to all of your data. We were the first to provide this level of security, and we will continue to build strong safeguards into our platforms.

DeviceCheck

With every iOS release, we reduce the amount of information that apps can attempt to silently access in an effort to track your activity. However, apps sometimes require information — for example, if your device has previously used their services or completed free trials. To continue to protect your privacy while also giving developers the information they need in a privacy-friendly manner, we introduced DeviceCheck in iOS 11. DeviceCheck allows each app to store two true/false flags about a device. The intent of the flags is defined by the developer and is unknown to Apple.

HomeKit

Apps supported by HomeKit are restricted by our developer guidelines to using data solely for home configuration or automation services. Apple does not know what devices you’re controlling or how and when you’re using them. Data related to your home is encrypted and stored in the keychain of your device. It’s also encrypted in transit between your Apple device and the devices you’re controlling in your home. And when you control your accessories from a remote location, that data is encrypted when it’s sent. So Apple doesn’t know which devices you’re controlling or how you’re using them.

When apps perform automatic actions based on your location, such as turning on house lights, these actions are initiated by HomeKit, which makes your location invisible to the app. You can also disable use of your location at any time.

ResearchKit and CareKit

ResearchKit and CareKit are open source software frameworks that take advantage of the capabilities of iPhone. ResearchKit enables developers to create apps that let medical researchers gather robust and meaningful data for studies. And CareKit is a platform for developers to create apps that help individuals take a more active role in their own well-being.

With ResearchKit, you choose which studies you want to join and share with researchers or doctors, and you control the information you provide to individual apps. Apps using ResearchKit or CareKit can pull data from the Health app only with your consent. Any apps built using ResearchKit for health-related human subject research must obtain consent from the participants and must provide information about confidentiality rights and the sharing and handling of data. These apps must also be approved by an independent ethics review board before the study can begin.

For certain ResearchKit studies, Apple will be listed as a researcher, receiving data from participants who consent to share their data with researchers, so we can participate with the larger research community in exploring how our technology could improve the way people manage their health.

HealthKit

HealthKit allows developers to create health and fitness apps to share their data with the Health app and with each other. As a user, you have control over which elements of your HealthKit information are shared with which apps. Apps that work with HealthKit are prohibited by our developer guidelines from using or disclosing HealthKit data to third parties for advertising or other data mining purposes. Apps can share data for the purpose of improving your health or health research, but only with your permission. We also require apps that work with HealthKit to provide a privacy policy for you to review.

CloudKit

CloudKit helps keep your preferences, settings, and app data up to date across your devices. Developers use CloudKit to make it easier for you to use their apps because you don’t have to sign in separately. By default, developers don’t have access to your Apple ID, just a unique identifier. If you give your permission, developers can use your email to let others find you in their app. You’re always in control of these permissions and can turn them on or off at any time. Your data isn’t shared with developers unless you choose to share or post publicly.